<?

/*
*
*   Excalibur Content Management System
*   Copyright © 2008 Egor "Sontan" Kuryanovich
*
*   Based on Explay Engine v2.0 by Golovdinov Alexander
*
*   Official site: www.excms.ru
*   Contact e-mail: support@excms.ru
*
*   GNU General Public License original source:
*   http://www.gnu.org/licenses/gpl-3.0.html
*
*/


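// This endpoint answers with an HTML fragment and must never be cached.
header('Content-type: text/html; charset=utf-8');
header('Cache-Control: no-cache');

// presumably read by the included engine files as a direct-access guard; confirm
$EXCMS = 'work';

// Nothing is displayed on error. NOTE(review): make sure errors are still
// logged server-side, otherwise failed queries below go completely unnoticed.
error_reporting (0);

// require instead of include: if the settings or the DB class cannot be
// loaded, stop here rather than continue with undefined credentials.
require $_SERVER['DOCUMENT_ROOT'].'/engine/settings.php';
require $_SERVER['DOCUMENT_ROOT'].'/engine/mysql.class.php';
$db = new DB($server, $dbusername, $dbpassword, $dbname);
$db->connect();

if (!$mainsettings = $db->query ('SELECT * FROM site_main')) 
{ 
	echo '<center><b>Невозможно взять данные из БД!<br>Обратитесь к администратору сайта!</b>'; 
	exit;
}
$SITE = $db->fetch_array ($mainsettings);

$theme = $SITE['site_theme'];

// Authenticate the caller from the login/pass cookies.
// The is_string() checks reject array-valued cookies (login[]=...), which
// addslashes() cannot handle.
// NOTE(review): the `pass` cookie is compared verbatim with user_password, so
// whatever that column stores acts as a long-lived bearer credential. A random
// server-side session token would limit the impact of a leaked cookie or a
// leaked database dump.
if (isset($_COOKIE['login'], $_COOKIE['pass'])
	&& is_string($_COOKIE['login']) && is_string($_COOKIE['pass'])
	&& $_COOKIE['login'] != "false" && $_COOKIE['pass'] != "false") 
{
	// NOTE(review): addslashes() is not charset-aware. If the DB class exposes
	// driver-level escaping or bound parameters (its API is not visible here),
	// use that for these two values instead.
	$GLOBAL_USER_LOGIN = addslashes($_COOKIE['login']);
	$GLOBAL_USER_PASS = addslashes($_COOKIE['pass']);
	if ($GLOBAL_USER_LOGIN != "" && $GLOBAL_USER_PASS != "")
	{
		$SELECT_USER = $db->query ("SELECT * FROM ".DB_PEREFIX."_users WHERE user_login = '$GLOBAL_USER_LOGIN' AND user_password = '$GLOBAL_USER_PASS'");
		// The row count is only inspected when the query actually ran; the
		// original read $SELECT_USER even when it had never been assigned.
		if ($SELECT_USER && $db->num_rows ($SELECT_USER) == 1) {
			$GLOBAL_USER = $db->fetch_array ($SELECT_USER);
		}
	}
}

// Anonymous callers get an empty response.
if (!isset($GLOBAL_USER)) exit;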

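// Toggle friendship between the authenticated user and the user in POST id,
// then print the replacement button markup for the caller.
// NOTE(review): this state-changing POST is authorised by cookies alone; no
// anti-CSRF token is checked anywhere in the visible code.
if (isset($_POST['id']) && is_scalar($_POST['id'])) 
{
	// Cast first, compare afterwards: comparing the raw string let values
	// such as "5abc" pass the "not myself" test and then collapse to 5.
	$id = intval($_POST['id']);
	$me = intval($GLOBAL_USER['user_id']);

	if ($id != $me)
	{
		$check = $db->num_rows ($db->query ("SELECT * FROM ".DB_PEREFIX."_users WHERE user_id = '$id'"));

		if ($check == 1)
		{
			// Read the current list and normalise it to integers, so the value
			// written back can only ever consist of digits and commas.
			$row = $db->fetch_array ($db->query ("SELECT user_friends FROM ".DB_PEREFIX."_users WHERE user_id = '$me'"));
			$raw = (is_array ($row) && isset ($row['user_friends'])) ? $row['user_friends'] : '';
			$list = array();
			foreach (explode (',', $raw) as $item) {
				if (trim ($item) !== '') $list[] = intval ($item);
			}

			if (!isset_friend ($id)) 
			{
				$list[] = $id;
				$add = implode (',', $list);
				$db->query ("UPDATE ".DB_PEREFIX."_users SET user_friends = '$add' WHERE user_id = '$me'");

				// user_name is user-controlled and ends up inside HTML that is
				// stored for another user: encode it before embedding.
				$name = htmlspecialchars ($GLOBAL_USER['user_name'], ENT_QUOTES, 'UTF-8');

				$header = 'Вас добавили в список друзей.';
				$body  = 'Пользователь <a href="/users/'.$me.'.html">'.$name.'</a>';
				$body .= ' добавил Вас в список своих друзей. Ответить взаимностью вы можете на ';
				$body .= '<a href="/users/'.$me.'.html">его странице</a>.';

				// Escaped with addslashes() like the login cookie earlier in this file.
				// NOTE(review): prefer the DB layer's own escaping or bound
				// parameters if the DB class offers them; its API is not visible here.
				$db->query ("INSERT INTO ".DB_PEREFIX."_messages VALUES (0, '$id', '$me', '".addslashes ($header)."', '".addslashes ($body)."', '".time()."', 'new')");

				$theme_html = htmlspecialchars ($theme, ENT_QUOTES, 'UTF-8');
				echo '<a href="/" onclick="add_friend(',$id,'); return false;" title="Удалить пользователя из друзей">
			<img src="/themes/',$theme_html,'/images/user_delete.gif" alt="" align="absmiddle" /></a>
			<a href="/messages/write/?to=',$id,'" title="Написать персональное сообщение">
			<img src="/themes/',$theme_html,'/images/user_message.gif" alt="" align="absmiddle" /></a>';
			}
			else 
			{
				// Remove by value. The previous substring/explode(",$id") approach
				// left a leading comma when the first entry was removed and cut
				// into longer ids sharing the prefix (removing 1 from "5,1,12").
				$kept = array();
				foreach ($list as $item) {
					if ($item !== $id) $kept[] = $item;
				}
				$new = implode (',', $kept);
				$db->query ("UPDATE ".DB_PEREFIX."_users SET user_friends = '$new' WHERE user_id = '$me'");

				$theme_html = htmlspecialchars ($theme, ENT_QUOTES, 'UTF-8');
				echo '<a href="/" onclick="add_friend (',$id,'); return false;" title="Добавить в друзья">
				<img src="/themes/',$theme_html,'/images/user_add.gif" alt="" align="absmiddle" /></a>';
			}
		}
	}
}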

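/**
 * Tell whether the given user id is in the authenticated user's friend list.
 *
 * Reads the comma-separated user_friends column of the current user
 * ($GLOBAL_USER['user_id']) through the global $db handle.
 *
 * @param int|string $id User id to look for; compared as an integer.
 * @return bool True when the id is present in the list, false otherwise
 *              (including when the row or the column cannot be read).
 */
function isset_friend ($id) 
{
	global $GLOBAL_USER, $db;

	// Cast before interpolating so only digits can reach the query text.
	$me = intval ($GLOBAL_USER['user_id']);
	$my_friends = $db->fetch_array ($db->query ("SELECT user_friends FROM ".DB_PEREFIX."_users WHERE user_id = '$me'"));
	if (!is_array ($my_friends) || !isset ($my_friends['user_friends'])) return false;

	$wanted = intval ($id);
	foreach (explode (",", $my_friends['user_friends']) as $friend) {
		// Blank entries (empty list, stray commas) must never match: a loose
		// "" == 0 comparison is true on PHP versions before 8.
		if (trim ($friend) !== '' && intval ($friend) === $wanted) return true;
	}
	return false;
}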

